Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
Description
Similar issue: https://issues.apache.org/jira/browse/CB-8253
There are several places in the File plugin, File Transfer plugin and cordova-android where streams do not use try
{ fis.closed }catch (IOException e) {} in a finally block allowing for the possibility they will never be closed if an exception occurs at the wrong place.
Affected files:
cordova-android/~CordovaResourceApi.java: line: 166, 377
cordova-plugin-file/~Filesystem.java: line: 253, 286
cordova-plugin-file-transfer/~FileTransfer.java: line: 665
cordova-plugin-file/~LocalFilesystem.java: line: 403, 461, 507
Recommendations of Fortify:
public void processFile(String fName) throws FileNotFoundException, IOException { FileInputStream fis; try { fis = new FileInputStream(fName); int sz; byte[] byteArray = new byte[BLOCK_SIZE]; while ((sz = fis.read(byteArray)) != -1) { processBytes(byteArray, sz); } } finally { if (fis != null) { safeClose(fis); } } } public static void safeClose(FileInputStream fis) { if (fis != null) { try { fis.close(); } catch (IOException e) { log(e); } } }